Hi,
On Tue, Sep 18, 2018 at 11:21:07PM +0200, Clément OUDOT wrote:
No, the olcAccess {3} deny all access inside dc=bigcompany,dc=hu, the rule {4} is never evaluated.
yep,
And as I wrote in first mail, the simple "ldapmodify" works as well.
Do you test to modify only userPassword attribute? Or your modification is also on Samba attributes?
SMB attributes modification was denied when I tested today.
And more important, the other users under the same OU can change their own userpassword/nt/lm password attributes through PHP.
I don't how, because your ACL allow only userPassword modification for 'self'.
so, you're right, Clément, and thanks for the clarification.
Our end customers desinformed me - today become clear that nobody can modify their passwords (userPassword, NT/LM passwd) through the webservice.
I've modified ACL rules, now it works as well - thanks again.
Anyway, it's very interesting, how and why slapd logs that lines... they also misleaded me.
Thanks,
a.